CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 641:

    A security analyst is attempting to resolve an incident in which highly confidential company pricing information was sent to clients. It appears this information was unintentionally sent by an employee who attached it to public marketing material.

    Which of the following configuration changes would work BEST to limit the risk of this incident being repeated?

    A. Add client addresses to the blocklist.
    B. Update the DLP rules and metadata.
    C. Sanitize the marketing material.
    D. Update the insider threat procedures.

  • Question 642:

    Employees of a large financial company are continuously being infected by strains of malware that are not detected by EDR tools. Which of the following is the BEST security control to implement to reduce corporate risk while allowing employees to exchange files at client sites?

    A. MFA on the workstations
    B. Additional host firewall rules
    C. VDI environment
    D. Hard drive encryption
    E. Network access control
    F. Network segmentation

  • Question 643:

    A security analyst needs to assess the web server versions on a list of hosts to determine which are running a vulnerable version of the software and output that list into an XML file named webserverlist.xml. The host list is provided in a file named webserverlist.txt. Which of the following Nmap commands would BEST accomplish this goal?

    A. nmap -iL webserverlist.txt -sC -p 443 -oX webserverlist.xml
    B. nmap -iL webserverlist.txt -sV -p 443 -oX webserverlist.xml
    C. nmap -iL webserverlist.txt -F -p 443 -oX webserverlist.xml
    D. nmap --takefile webserverlist.txt --outputfileasXML webserverlist.xml --scanports 443

  • Question 644:

    An information security analyst on a threat-hunting team is working with administrators to create a hypothesis related to an internally developed web application. The working hypothesis is as follows:

    1. Due to the nature of the industry, the application hosts sensitive data associated with many clients and is a significant target.

    2. The platform is most likely vulnerable to poor patching and inadequate server hardening, which expose vulnerable services.

    3. The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.

    As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks. Which of the following BEST represents the technique in use?

    A. Improving detection capabilities
    B. Bundling critical assets
    C. Profiling threat actors and activities
    D. Reducing the attack surface area

  • Question 645:

    A web application has a newly discovered vulnerability in the authentication method used to validate known company users. The user ID of Admin with a password of "password" grants elevated access to the application over the Internet. Which of the following is the BEST method to discover the vulnerability before a production deployment?

    A. Manual peer review
    B. User acceptance testing
    C. Input validation
    D. Stress test the application

  • Question 646:

    A company's senior human resources administrator left for another position, and the assistant administrator was promoted into the senior position. On the official start day, the new senior administrator planned to ask for extended access permissions but noticed the permissions were automatically granted on that day.

    Which of the following describes the access management policy in place at the company?

    A. Mandatory-based
    B. Host-based
    C. Federated access
    D. Role-based

  • Question 647:

    An organization subscribes to multiple third-party security intelligence feeds. It receives a notification from one of these feeds indicating a zero-day malware attack is impacting the SQL server prior to SP 2. The notification also indicates that infected systems attempt to communicate to external IP addresses on port 2718 to download additional payload. After consulting with the organization's database administrator, it is determined that there are several SQL servers that are still on SP 1, and none of the SQL servers would normally communicate over port 2718. Which of the following is the BEST mitigation step to implement until the SQL servers can be upgraded to SP 2 with minimal impact to the network?

    A. Create alert rules on the IDS for all outbound traffic on port 2718 from the IP addresses of the SQL servers running SQL SP 1
    B. On the organization's firewalls, create a new rule that blocks outbound traffic on port 2718 from the IP addresses of the servers running SQL SP 1
    C. Place all the SQL servers running SP 1 on a separate subnet. On the firewalls, create a new rule blocking connections to destination addresses external to the organization's network
    D. On the SQL servers running SP 1, install vulnerability scanning software

  • Question 648:

    Law enforcement has contacted a corporation's legal counsel because correlated data from a breach shows the organization as the common denominator from all indicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on social media. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure of information about the breach?

    A. Perform security awareness training about incident communication.
    B. Request all employees verbally commit to an NDA about the breach.
    C. Temporarily disable employee access to social media.
    D. Have law enforcement meet with employees.

  • Question 649:

    Which of the following is the MOST important objective of a post-incident review?

    A. Capture lessons learned and improve incident response processes
    B. Develop a process for containment and continue improvement efforts
    C. Identify new technologies and strategies to remediate
    D. Identify a new management strategy

  • Question 650:

    An organization has the following risk mitigation policies:

    Risks without compensating controls will be mitigated first if the risk value is greater than $50,000. Other risk mitigation will be prioritized based on risk value.

    The following risks have been identified:

    Which of the following is the order of priority for risk mitigation from highest to lowest?

    A. A, C, D, B
    B. B, C, D, A
    C. C, B, A, D
    D. C, D, A, B
    E. D, C, B, A

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.